Configuring the Directory Server
Configuring Security in the Directory Server
Managing Global ACIs With dsconfig
Granting Write Access to Personal Entries
Granting a Group Full Access to a Suffix
Granting Rights to Add and Delete Group Entries
Allowing Users to Add or Remove Themselves From a Group
Granting Conditional Access to a Group
Defining Permissions for DNs That Contain a Comma
The Get Effective Rights Control
Using the Get Effective Rights Control
Understanding Effective Rights Results
When you add a global ACI, make sure that you escape all special characters in the ACI specification as required by your command-line shell.
The following example adds the global ACI that was removed in the previous procedure, using dsconfig in non-interactive mode:
$ dsconfig -D cn="Directory Manager" -w password -n set-access-control-handler-prop \ --add global-aci:\(targetattr!=\"userPassword\|\|authPassword\"\) \ \(version\ 3.0\;\ acl\ \"Anonymous\ read\ access\"\;\ allow\ \(read,search,compare\) \ userdn=\"ldap:///anyone\"\;\)